Displaying 4 results from an estimated 4 matches for "userpasswordexpiry".
2023 Oct 28
1
query account expired state
...the aptly named
> > 'ms-DS-User-Password-Expired' attribute which, as far as I can tell,
> > Samba knows nothing about.
>
> The unfortunate situation is that Samba (4.19.2) does not implement
> the 'ADS_UF_PASSWORD_EXPIRED' flag. It does support
> 'msDS-UserPasswordExpiry', but that returns and LDAP time value so it
> requires computation by the querier to figure out expiry.
I am on 4.18.8 and that doesn't have 'msDS-UserPasswordExpiry' or
'ms-DS-User-Password-Expired', but if it did, then the time stored
would be, as you say, in Windows...
2023 Oct 28
1
query account expired state
...has replaced the above with the aptly named
> 'ms-DS-User-Password-Expired' attribute which, as far as I can tell,
> Samba knows nothing about.
The unfortunate situation is that Samba (4.19.2) does not implement the
'ADS_UF_PASSWORD_EXPIRED' flag. It does support
'msDS-UserPasswordExpiry', but that returns and LDAP time value so it
requires computation by the querier to figure out expiry.
Another suggestion from ldapwiki.com: "All expired user accounts:
'(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))'&quo...
2023 Oct 28
1
query account expired state
...amed
>>> 'ms-DS-User-Password-Expired' attribute which, as far as I can tell,
>>> Samba knows nothing about.
>> The unfortunate situation is that Samba (4.19.2) does not implement
>> the 'ADS_UF_PASSWORD_EXPIRED' flag. It does support
>> 'msDS-UserPasswordExpiry', but that returns and LDAP time value so it
>> requires computation by the querier to figure out expiry.
> I am on 4.18.8 and that doesn't have 'msDS-UserPasswordExpiry' or
> 'ms-DS-User-Password-Expired', but if it did, then the time stored
> would be, as yo...
2023 Oct 28
1
query account expired state
...#39; is set, I am not sure if Samba uses this.
Windows has replaced the above with the aptly named
'ms-DS-User-Password-Expired' attribute which, as far as I can tell,
Samba knows nothing about.
So, you are left with a couple of options:
Check if the 'computed' attribute 'msDS-UserPasswordExpiryTimeComputed'
exists and if it does, turn that into a Unix date.
Or calculate the expiry time from the contents of the 'maxPwdAge' and
the accounts 'pwdLastSet' attributes.
Rowland